Fortigate – Generate a certificate request and import a signed certificate back into the Fortigate.

Create the certificate request in the Fortigate:

System -> Certificate -> Local Certificates -> Generate

Once you create the certificate request, you should see it in your list with a status of “Pending”. Select the certificate request and download it. This is the file you’ll send to the CA of your choosing to get it signed. The certificate you get back from the CA can then be imported into the Fortigate.


Note that you may also receive the intermediate and root certificates from the CA. These are imported into the CA certificate section, or may need to be chained along with your server certificate.
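
Before importing, it is worth confirming that the file the CA returned was issued for the pending request and that it verifies against the CA certificates you received. The script below is an added example, not part of the original post: it runs on a workstation with OpenSSL, assumes PEM-encoded files, and every file name and the throwaway test CA in it are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. File names are placeholders.

# Returns 0 if CERT carries the same public key as CSR, 1 on mismatch,
# 2 if either file cannot be parsed. The private key stays on the FortiGate,
# so only the public halves are compared.
cert_matches_csr() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$csr_key" = "$crt_key" ]
}

# Returns 0 if CERT verifies against CA_BUNDLE: the root plus any
# intermediates from the CA, concatenated in one PEM file.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample data: a throwaway CA, a locally generated stand-in for
# the FortiGate CSR (fgt), and a certificate issued for a different key (other).
make_constructed_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    for n in fgt other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null &&
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.cer" 2>/dev/null || return 1
    done
}

# check_before_import CSR CERT CA_BUNDLE: prints a verdict, returns 0 only
# when both checks pass.
check_before_import() {
    cert_matches_csr "$1" "$2" || { echo "certificate does not match the pending CSR"; return 1; }
    chain_ok "$3" "$2" || { echo "certificate does not chain to the supplied CA bundle"; return 1; }
    echo "ok to import"
}
```

With real files, call check_before_import with the CSR downloaded from the Fortigate, the certificate returned by the CA, and the CA bundle.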

You can now select this certificate in the SSL VPN config, and it will be presented to browsers on access.

If you also want to use the same certificate to prevent the invalid certificate message for administrative access to your Fortigate, you need to set this as well. This option can only be set via the CLI (typing ? after admin-server-cert lists the available certificate names):

config system global
    set admin-server-cert ?
    set admin-server-cert <cert name>
end

 

 
